6clicks Releases New Materials to Support DISP Members

6clicks has long supported Defence Industry Security Program (DISP) members and our advisory partners working to achieve and maintain DISP membership and compliance with the Defence Security Principles Framework (DSPF). 6clicks has recently released a couple of new DISP specific assessment templates to assist DISP members understand their preparedness. Read on to find out more.

6clicks' support for DISP members

6clicks has long supported Defence Industry Security Program (DISP) members and our advisory partners work with the Defence Security Principles Framework (DSPF). The 6clicks platform provides Audit & Assessment and program management features combined with content such as the PSPF to make it easier.

6clicks is a platform that will help you to replace the spreadsheet nightmare and document drain typically associated with maintaining compliance to DISP membership requirements. Instead, you can make compliance a by-product of operating an effective security program.

What we've learnt helping DISP members over the past couple of years is that auditors hone in on the DISP requirements found within Control 16.1 of the DSPF. This boils down to meeting the DISP eligibility and suitability requirements found in Control 16.1 along with Annex B (the Suitability Matrix).

Eligibility requirements

The eligibility requirements include:

1. being registered as a legal business entity in Australia
2. being financially solvent
3. having a designated Chief Security Officer (CSO) and Security Officer (SO) roles
4. setting up a DISP email address
5. satisfying Foreign, Ownership, Control or Influence (FOCI) tests
6. avoiding relationships with listed terrorist organisations and sanctioned regimes/people/entities

Suitability requirements

The suitability requirements (Annex B) are divided into four categories of Governance, Personnel Security, Physical Security, and Information & Cyber Security, depending on the level of membership required (Entry Level, Level 1, Level 2 and Level 3).

At a high level they include things like:

1. Establishing a system of risk oversight and management
2. Ensuring your nominated CSO and SO are able to meet relevant security clearance requirements
3. Completion of the Defence SO training by the CSO and SO
4. Completion of employment screening and an annual security awareness course by all relevant personnel
5. Management of personnel/facilities and information & cyber security at the relevant level
6. Maintaining and implementing security policies and plans including an insider threat program

Information and cyber security

For information and cyber security specifically, you will need to meet one of the following standards:

1. ASD Essential 8
2. ISO/IEC 27001 and its Annex A
3. US NIST SP 800-171
4. UK Def Stan 05-138

Ongoing suitability requirements

Ongoing suitability requirements include:

1. safeguarding Defence and industry people, information and assets
2. complying with the DSPF and in turn the ASD E8, ISM and PSPF where applicable
3. retaining a CSO and SO
4. reporting any changes that may affect DISP membership 
5. complying with audit and assurance activities
6. keeping a register of overseas travel and travel briefings
7. reporting security incidents and foreign contacts to Defence

How can 6clicks help?

6clicks has recently made available the Suitability Requirements from Annex B as an Audit & Assessment Template in the 6clicks content library.

Along with a DISP Cyber Questionnaire that must be submitted to Defence upon request as a part of assurance activities.

These two new resources add to the DSPF and other useful content available in the 6clicks content library including the ASD Essential 8, the ISM and the PSPF.

And if you need a 6clicks partner to help you along the way, just ask!